Total
254875 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0442 | 1 Mybb | 1 Mybb | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219. | |||||
| CVE-2006-4714 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2024-02-04 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter. | |||||
| CVE-2006-1355 | 1 Alwil | 1 Avast Antivirus | 2024-02-04 | 7.2 HIGH | N/A |
| avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files. | |||||
| CVE-2006-2138 | 1 Neomail | 1 Neomail | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. | |||||
| CVE-2005-3835 | 1 Desklance | 1 Desklance | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter. | |||||
| CVE-2005-1152 | 1 Debian | 1 Qpopper | 2024-02-04 | 2.1 LOW | N/A |
| popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions. | |||||
| CVE-2005-0523 | 1 Prozilla | 1 Prozilla Download Accelerator | 2024-02-04 | 7.5 HIGH | N/A |
| Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header. | |||||
| CVE-2006-2396 | 1 Phpodp | 1 Phpodp | 2024-02-04 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote attackers to inject arbitrary web script via the browse parameter. | |||||
| CVE-2006-2343 | 1 Adventnet | 1 Manageengine Opmanager | 2024-02-04 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2005-3015 | 1 Ibm | 2 Lotus Domino, Lotus Domino Enterprise Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. | |||||
| CVE-2006-0270 | 1 Oracle | 1 Database Server | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA. | |||||
| CVE-2006-1869 | 1 Oracle | 1 Database Server | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04. | |||||
| CVE-2004-2470 | 1 Madbms | 1 Madbms | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to logins. | |||||
| CVE-2005-3178 | 2 Xli, Xloadimage | 2 Xli, Xloadimage | 2024-02-04 | 5.1 MEDIUM | N/A |
| Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations. | |||||
| CVE-2006-2768 | 1 Ipw Systems | 1 Metajour | 2024-02-04 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in METAjour 2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) system_path parameter in a large number of files in the (a) app/edocument/, (b) app/eproject/, (c) app/erek/, and (d) extension/ directories, and the (2) GLOBALS[system_path] parameter in (e) extension/sitemap/sitemap.datatype.php. | |||||
| CVE-2005-3820 | 1 Vtiger | 1 Vtiger Crm | 2024-02-04 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file. | |||||
| CVE-2004-2619 | 1 Paul L Daniels | 1 Ripmime | 2024-02-04 | 7.5 HIGH | N/A |
| ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted. | |||||
| CVE-2004-0812 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2024-02-04 | 2.1 LOW | N/A |
| Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code. | |||||
| CVE-2005-3164 | 2 Apache, Hitachi | 2 Tomcat, Cosminexus Application Server | 2024-02-04 | 2.6 LOW | N/A |
| The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. | |||||
| CVE-2005-3284 | 1 Ahnlab | 3 Myv3, V3net, V3pro 2004 | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives. | |||||